Shining the light on privacy

by david.nunes
Issue: Asia-Pacific I 2014
Article no.: 2
Topic: Shining the light on privacy
Author: Sam Hendry & Michael McKinnon
Title: General Manager & Security Advisor
Organisation: AVG Technologies
PDF size: 263KB

About author

Mr Sam Hendry is General Manager, AVG Technologies AU Pty Ltd, responsible for the operational and commercial management of AVG in AU/NZ. In 2001 he was the business manager for Digital Brand Services, a start-up division within Melbourne IT Ltd (ASX:MLB), for Fortune 500 companies to outsource the management of their digital brands. He was responsible for developing the vision, strategy and sales execution to grow the business from a concept with no revenues in 2001 to being a market leader in Australia and then, through acquisition and organic growth, a successful multi-million dollar business, which eventually sold for US$150m+.

Relocating to London, Sam oversaw the opening up of new markets, managing international teams with offices in 18 countries.

Sam Hendry has a B Bus. in Administration (RMIT) and Grad Cert in Management (Deakin University).

Michael McKinnon is Security Advisor, AVG Technologies AU Pty Ltd. With more than 20 years’ IT industry experience, Michael McKinnon is highly regarded for his expertise in providing thought leadership and fostering awareness of the key security and privacy compliance issues to all sectors of the community, from consumer to enterprise. Michael has consulted for publicly listed companies, as well as small and medium sized businesses. Under his technical leadership he has helped businesses achieve listings in the coveted BRW Fast 100 and Deloitte Fast 50.

Michael McKinnon is a Certified Information Systems Security Professional (CISSP), member of the Australian Information Security Association (AISA) and regularly attends security conferences such as AusCERT, Breakpoint and Ruxcon.

Article abstract

In the era of WikiLeaks and ‘post privacy’, there is growing concern about eroding trust in governments and key organizations that cannot defend our privacy. Should we reveal all and render private data valueless? The flip side is keeping personal information safe from fraud and damage. Even if individuals may bare all, commercial data still requires confidentiality. Perhaps what must remain confidential needs to be redefined and better understood, and both consumers and organizations must shoulder the responsibility of supporting security.

Full Article

Depending on how you view online security, we are either in a very dark place or everything is clear and bright. However, this no longer matters. The reality, at least for today, probably lies somewhere in between.

A great part of our social, work and financial lives is now lived online. As an unfortunate natural progression of this dependence, our private lives are often being encroached upon. Individuals are being exploited via the mass collection of personal data by advertising networks and businesses. These organisations are requesting and using information beyond what is required to provide the services offered to consumers. Irrespective of security guarantees, their storage of your information is never truly failsafe.

In covert ways, governments and nefarious Internet players are also invading our private digital lives. With the WikiLeaks imbroglio and the NSA revelations by Edward Snowden, people have a heightened awareness of the implications of privacy invasion and security threats. If governments are being taken to task over the ethical collection and use of data, who do we now trust to safeguard our privacy?

Recent AVG Technologies research found that almost half of respondents (46 per cent globally) said the news of the US Government’s collection of civilians’ telephone and internet data, under NSA and PRISM anti-terrorism efforts, had changed their attitude towards privacy and made them more concerned about the issue. This news had also resulted in them expressing less trust in companies to safeguard their information.

Hacking and data breaches are all to do with the high value of confidential information, which is now one of the largest globally traded commodities. So what is it we’re actually trying to protect? Who can tell us how we’re potentially being taken advantage of? Who should take responsibility for our online safety?

Connectivity and trust are irrevocably changing the way we value privacy

Our attachment to social media has diminished traditional notions of privacy and where we draw the confidentiality line. We need to recognise the staggering amount of information we willingly share. All the free sites we sign up to – Facebook, Gmail, Twitter and LinkedIn, to name just a few – are trading our privacy by giving their advertisers access to us.

The sheer momentum of connectivity and mobility trends is creating a landscape where long held beliefs in confidentiality and personal security are being completely overshadowed. According to a report by Mary Meeker of KPCB, while it took 22 years for the Internet to connect 2.5 billion people, it’s predicted that in the next five years, another 2.5 billion will connect for the first time – much of it due to the growth of mobile technologies. People are using their mobile gadgets as their primary Internet browsing device, rather than a PC or laptop, thus driving this evolution and spread. A mobile device-driven world has implications for security as our data is synchronised between multiple devices and cloud providers with differing levels and types of protection.

The privacy evolution

Traditional privacy advocates have told us to give away nothing, to stay offline rather than give away any personal details. However, the emerging thinking is that redefined privacy has taken an unstoppable new direction. German futurist Christian Heller, who believes that privacy is gone for good, provides an interesting insight into what our ‘post-privacy’ world might look like. To prove his point, he documents his entire life online – including financial transactions and each time he has sex! It is his contention that private information is only worth something while it remains private. If we lived in a world where much of the information we now consider private is revealed, it would be instantly rendered worthless – thus removing the motive for it to be hacked, stolen or manipulated. It’s certainly an interesting viewpoint, but arguably not many of us would risk doing as Heller has done. In the business context, of course, highly competitive data and intellectual property will always have value and will be subject to attack.

In the old physical world, you protected your assets by putting a lock on the door. Then, with the arrival of criminal elements in the community, law enforcement services were created and given powers to enter a suspect’s home in search of evidence or misdemeanour. You put a bolt on the door to keep everyone out, but then you appointed others to keep you safe. Cloud technologies offer the promise of making things more secure, but they also add complexity since your confidential data now resides in data centres anywhere in the world. It no longer sits behind a locked door that you control.

There is also the issue of cloud providers storing data in aggregate, making them obvious targets for determined adversaries, who can compromise many businesses at once, in a single attack. Note the alarmingly sophisticated, large-scale attacks on global cloud behemoths such as Amazon.

On the positive side, competent cloud providers invest in the latest security measures that are at much higher levels than the average individual or small business can achieve. This economy of scale means better all-round security. However, while your data may be safer in the cloud, if you’re not using strong password and lock protections on your mobile devices then you’re making yourself a very easy mark. From the AVG survey, one in five users worldwide are either unaware of the security settings for their personal devices, or do not activate them because they believe it’s too complex a task.

Focussing the spotlight on security

For years we’ve heard the advice: “Don’t give away your date of birth online”, but in reality, it’s not very hard to find. It’s not that much of a secret anymore. In Australia, if you are the director of a company your date of birth and place of birth are already a matter of public record.

Because identity theft is so rife, security in its most sophisticated sense has already shifted to the end points rather than the source. Banks around the world continue to institute stronger measures that, admittedly, are effective only until the next wave of cyber-crime catches up.

As an example of good end point policy from the US, the major credit reporting agencies allow individual citizens to put a lock on their details. No fraudster can illegally make a loan application in your name, even if they have your full set of identifiers, because the banks cannot approve the release of monies without first gaining access to your credit rating.

So if we make the assumption that someone somewhere has access to our personal identifiers, what’s left to protect? Who should be taking charge of the security debate: governments or citizens? As with most things in life, it’s not an either/or answer. Privacy is a shared responsibility. There is a role for laws and regulations and there is a role for self-regulation, but none of us can afford to put our online fate entirely in the hands of government or big business.

Again from our survey, while 72 per cent of consumers worldwide believe that technology will become more helpful, almost the same number, 69 per cent, were concerned that it will become more invasive as the digital world continues to develop. As consumers, we need to take control of our digital destinies if we are to live safer, more productive lives online.

Those developing security technologies must be alert to consumer demands for better and easier tools to understand and navigate the powerful but potentially treacherous seas of e-commerce, online banking, social media and cloud content sharing. We predict that the adoption of such mechanisms as Do Not Track, as both a passive and active feature, will be enabled by default.

The key will be to focus more on education that empowers and protects consumers. Individuals need access to the information that helps them manage their identity in the digital world. Policy makers and corporations need to empower consumers and help them make their own decisions when it comes to their online reputations, privacy and peace of mind.

If we can sort out the privacy dilemma, then everything else will fall into place. What’s needed is a clearer understanding of changing expectations of what privacy is. If we create a new understanding – of Privacy 2.0 – then we’ll know what’s valuable, what needs protecting, how best to do it, and who will be responsible for safeguarding it.
